Date:      Tue, 15 Sep 2015 18:00:49 +0100
From:      Matthew Seaman <matthew@freebsd.org>
To:        freebsd-questions@freebsd.org
Subject:   Re: Forcing use of newer version of OpenSSL
Message-ID:  <55F84EC1.3090908@freebsd.org>
In-Reply-To: <20150915123306.55760c0d@seibercom.net>
References:  <20150915123306.55760c0d@seibercom.net>


On 09/15/15 17:33, Jerry wrote:
> I have both OpenSSL 1.0.1l-freebsd 15 Jan 2015 {located in /usr/bin} and
> OpenSSL 1.0.2d 9 Jul 2015 {located in /usr/local/bin} residing on my system.
> Now, I want to use and hopefully link programs against the "port", ie, newer
> version. If I adjust the path to use "/usr/local/bin" first, some programs
> fail to build. I discovered this a few months ago and received that bit of
> knowledge on this forum. I therefore changed the path so "/usr/bin" goes
> before "/usr/local/bin". That has the effect of causing the older version of
> OpenSSL being used.
>
> Other than permanently changing the path, and then changing it back when a
> build fails, how can I permanently fix this problem? IMHO, the newer version
> should permanently overwrite the older version. I don't need or want two
> versions. Since the older version comes with the base system, I am hesitant
> to try and remove it. In a perfect world, the base system would be updated,
> but I guess that is not going to happen anytime soon.

For anything you want to compile from ports, just add:

WITH_OPENSSL_PORT=      yes

to /etc/make.conf (or /usr/local/etc/poudriere.d/make.conf if you're
using poudriere)

Additionally you have to be careful of some ports that have GSSAPI
options -- don't enable GSSAPI support from the base system, or you'll
end up with a binary linked against two different versions of OpenSSL
libraries.  Apart from that, the ports openssl is pretty much a drop-in
replacement.

For stuff you're compiling yourself, outside of ports, you need to force
your compilation to use the appropriate -I (for include files) and -L
(for libraries) search paths when compiling C code.  How to do this is
specific to the compilation system used by whatever code you're trying to
compile.

It's not feasible to remove openssl from base -- too much stuff in base
needs it -- nor is it feasible to overwrite the base openssl with the
ports version -- the ABIs have changed between the two versions.

I believe the ultimate plan is to make the base version of openssl a
private library and require all ported software to use the ports version
of openssl, but that is for future implementation.

	Cheers,

	Matthew




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55F84EC1.3090908>
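
The reply above warns about ending up with a binary linked against two different versions of the OpenSSL libraries. The following check is an added example, not part of the original message: it classifies `ldd` output by where libssl/libcrypto resolve from. The function names and the sample `ldd` output are constructed for illustration, and the script assumes ports libraries live under /usr/local.

```shell
#!/bin/sh
# Added example: report where a binary's OpenSSL libraries come from.
# openssl_origin reads ldd-style output on stdin and prints one of:
#   base   - only libraries outside /usr/local (the base system copy)
#   ports  - only libraries under /usr/local (the ports copy)
#   mixed  - both at once, the situation the reply warns about
#   none   - no libssl/libcrypto dependency found
openssl_origin() {
    awk '
        # Match lines like: libcrypto.so.N => /path/libcrypto.so.N (0x...)
        $1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" {
            if ($3 ~ /^\/usr\/local\//) ports = 1
            else                         base  = 1
        }
        END {
            if (base && ports) print "mixed"
            else if (ports)    print "ports"
            else if (base)     print "base"
            else               print "none"
        }'
}

# Constructed sample: a port built against the ports OpenSSL that also
# pulls in a base-system library depending on the base libcrypto.
sample_mixed() {
cat <<'EOF'
/usr/local/bin/example:
	libssl.so.8 => /usr/local/lib/libssl.so.8 (0x800849000)
	libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x800c00000)
	libgssapi.so.10 => /usr/lib/libgssapi.so.10 (0x801000000)
	libcrypto.so.7 => /lib/libcrypto.so.7 (0x801400000)
	libc.so.7 => /lib/libc.so.7 (0x801800000)
EOF
}

# Check real binaries when paths are given on the command line.
if [ "$#" -gt 0 ]; then
    for bin in "$@"; do
        printf '%s: %s\n' "$bin" "$(ldd "$bin" 2>/dev/null | openssl_origin)"
    done
fi
```

Any binary reported as `mixed` is a candidate for rebuilding with the base-system GSSAPI option turned off, as the reply describes.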